3com 8807 User Guide
802.1x Configuration Example
when the user is accessed, the domain name does not follow the user name.
Normally, if the user's traffic is consistently less than 2000 Byte/s over 20 minutes,
the user will be disconnected.
A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2
respectively, is connected to the switch. The former acts as the
primary-authentication/secondary-accounting server. The latter acts as the
secondary-authentication/primary-accounting server. Set the encryption key to
"name" when the system exchanges packets with the authentication RADIUS
server and to "money" when the system exchanges packets with the accounting
RADIUS server. Configure the system to retransmit packets to the RADIUS server if
no response is received in 5 seconds, and to retransmit a packet no more than
5 times in all. Configure the system to transmit a real-time accounting packet to
the RADIUS server every 15 minutes. The system is instructed to remove the user
domain name from the user name before transmitting it to the RADIUS server.
The user name of the local 802.1x access user is localuser and the password is
localpass (input in plain text). The idle cut function is enabled.
Network diagram
Figure 59 Enable 802.1x and RADIUS to perform AAA on the supplicant
Configuration procedure
The following examples concern most of the AAA/RADIUS configuration
commands. For details, refer to the "AAA&RADIUS&HWTACAS" part in this
document.
The configurations of access user workstation are omitted.
RADIUS server configuration is carried out in terms of RADIUS schemes. A RADIUS
scheme can be either a stand-alone RADIUS server or two mutually backed-up
RADIUS servers with the same configuration and different IP addresses.
So, for each RADIUS scheme, you need to configure the IP addresses of the
primary and secondary RADIUS servers, and the shared key.
# Enable 802.1x globally.
[SW8800] dot1x
[Figure 59 labels: Supplicant; Authenticator; Switch; Ethernet3/1/1; Authentication Servers (RADIUS Server Cluster, IP Address: 10.11.1.1, 10.11.1.2); Internet]